diff --git a/package-lock.json b/package-lock.json index befcf31..c38eb1d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -21,6 +21,7 @@ "class-validator": "^0.13.2", "connect-redis": "^6.1.3", "cookie-parser": "^1.4.6", + "cors": "^2.8.5", "cropperjs": "^1.5.12", "csrf": "^3.1.0", "dotenv": "^16.0.1", @@ -55,6 +56,7 @@ "@types/bcrypt": "^5.0.0", "@types/connect-redis": "^0.0.18", "@types/cookie-parser": "^1.4.3", + "@types/cors": "^2.8.12", "@types/express": "^4.17.13", "@types/express-session": "^1.17.5", "@types/express-useragent": "^1.0.2", @@ -3407,6 +3409,12 @@ "integrity": "sha512-t73xJJrvdTjXrn4jLS9VSGRbz0nUY3cl2DMGDU48lKl+HR9dbbjW2A9r3g40VA++mQpy6uuHg33gy7du2BKpog==", "dev": true }, + "node_modules/@types/cors": { + "version": "2.8.12", + "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.12.tgz", + "integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==", + "dev": true + }, "node_modules/@types/eslint": { "version": "8.4.1", "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.1.tgz", @@ -15128,6 +15136,12 @@ "integrity": "sha512-t73xJJrvdTjXrn4jLS9VSGRbz0nUY3cl2DMGDU48lKl+HR9dbbjW2A9r3g40VA++mQpy6uuHg33gy7du2BKpog==", "dev": true }, + "@types/cors": { + "version": "2.8.12", + "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.12.tgz", + "integrity": "sha512-vt+kDhq/M2ayberEtJcIN/hxXy1Pk+59g2FV/ZQceeaTyCtCucjL2Q7FXlFjtWn4n15KCr1NE2lNNFhp0lEThw==", + "dev": true + }, "@types/eslint": { "version": "8.4.1", "resolved": "https://registry.npmjs.org/@types/eslint/-/eslint-8.4.1.tgz", diff --git a/package.json b/package.json index 11c5c95..5cf1b66 100644 --- a/package.json +++ b/package.json @@ -36,6 +36,7 @@ "class-validator": "^0.13.2", "connect-redis": "^6.1.3", "cookie-parser": "^1.4.6", + "cors": "^2.8.5", "cropperjs": "^1.5.12", "csrf": "^3.1.0", "dotenv": "^16.0.1", 
@@ -70,6 +71,7 @@
 "@types/bcrypt": "^5.0.0",
 "@types/connect-redis": "^0.0.18",
 "@types/cookie-parser": "^1.4.3",
+ "@types/cors": "^2.8.12",
 "@types/express": "^4.17.13",
 "@types/express-session": "^1.17.5",
 "@types/express-useragent": "^1.0.2",
diff --git a/src/main.ts b/src/main.ts
index b86c648..f71aa7b 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -16,6 +16,7 @@ dotenv.config();
 async function bootstrap() {
 const app = await NestFactory.create(AppModule);
+ app.enableCors({ origin: false });
 const config = app.get(ConfigurationService);
 const docBuilder = new DocumentBuilder()
diff --git a/src/modules/api/admin/admin.module.ts b/src/modules/api/admin/admin.module.ts
index 2791f24..c335816 100644
--- a/src/modules/api/admin/admin.module.ts
+++ b/src/modules/api/admin/admin.module.ts
@@ -25,7 +25,7 @@ import { AuditAdminController } from './audit-admin.controller';
 OAuth2Module,
 MulterModule.registerAsync({
 imports: [ConfigurationModule],
- useFactory: async (config: ConfigurationService) => {
+ useFactory: async () => {
 return {
 storage: multer.diskStorage({
 destination: (req, file, cb) => {
diff --git a/src/modules/api/api.module.ts b/src/modules/api/api.module.ts
index 09e398b..346726b 100644
--- a/src/modules/api/api.module.ts
+++ b/src/modules/api/api.module.ts
@@ -1,4 +1,5 @@
 import { MiddlewareConsumer, Module, NestModule } from '@nestjs/common';
+import * as cors from 'cors';
 import { ConfigurationModule } from '../config/config.module';
 import { JWTModule } from '../jwt/jwt.module';
 import { OAuth2Module } from '../oauth2/oauth2.module';
@@ -18,9 +19,12 @@ import { ApiController } from './api.controller';
 ],
 })
 export class ApiModule implements NestModule {
+ private corsOpts = cors({ origin: true, credentials: true });
+
 constructor(private _service: OAuth2Service) {}
 configure(consumer: MiddlewareConsumer) {
 consumer.apply(this._service.oauth.express()).forRoutes('/api*');
+ consumer.apply(this.corsOpts).forRoutes(ApiController);
 }
 }
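Review bot: The `app.enableCors({ origin: false })` call added to `bootstrap()` in `src/main.ts` has no comment saying why CORS is registered only to be switched off. With the `cors` package, `origin: false` disables CORS handling, so this line sets no headers and the only cross-origin access comes from the per-controller middleware added in `src/modules/api/api.module.ts`. A short comment such as `// CORS stays off globally; ApiModule opts in for its own routes` would stop a later editor from widening the global policy by mistake. `bootstrap()` continues outside the hunk.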
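Review bot: `cors({ origin: true, credentials: true })` in `ApiModule` reflects whatever `Origin` the request carries and also sets `Access-Control-Allow-Credentials`, so every website is allowed to make credentialed requests to the `ApiController` routes and read the responses. If these routes authenticate only with a bearer token, drop the flag: `private corsOpts = cors({ origin: true });`. If cookies or sessions are ever honoured on these routes, replace `origin: true` with an explicit allowlist of origins taken from configuration. Separately, the OAuth2 middleware is registered on `/api*` before the CORS middleware, so it is worth confirming that preflight `OPTIONS` requests, which carry no `Authorization` header, still reach the CORS handler.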
diff --git a/src/modules/oauth2/oauth2.service.ts b/src/modules/oauth2/oauth2.service.ts
index d7e89bc..cee2c84 100644
--- a/src/modules/oauth2/oauth2.service.ts
+++ b/src/modules/oauth2/oauth2.service.ts
@@ -69,9 +69,9 @@ export class OAuth2Service {
 public clientService: OAuth2ClientService,
 public tokenService: OAuth2TokenService,
 ) {
- // if (process.env.NODE_ENV === 'development') {
- // this.oauth.logger.setLogLevel('debug');
- // }
+ if (process.env.NODE_ENV === 'development') {
+ this.oauth.logger.setLogLevel('debug');
+ }
 }
 public splitScope(scope: string | string[]): string[] {
diff --git a/src/modules/static-front-end/oauth2-router/oauth2-router.controller.ts b/src/modules/static-front-end/oauth2-router/oauth2-router.controller.ts
index 2d7f2be..1f2245f 100644
--- a/src/modules/static-front-end/oauth2-router/oauth2-router.controller.ts
+++ b/src/modules/static-front-end/oauth2-router/oauth2-router.controller.ts
@@ -65,7 +65,6 @@ export class OAuth2Controller {
 }
 // User information endpoint
- // TODO: Move to API
 @ApiBearerAuth()
 @Get('user')
diff --git a/src/modules/static-front-end/oauth2-router/oauth2-router.module.ts b/src/modules/static-front-end/oauth2-router/oauth2-router.module.ts
index 7f33e76..f44d05a 100644
--- a/src/modules/static-front-end/oauth2-router/oauth2-router.module.ts
+++ b/src/modules/static-front-end/oauth2-router/oauth2-router.module.ts
@@ -1,4 +1,5 @@
 import { MiddlewareConsumer, Module, NestModule } from '@nestjs/common';
+// import * as cors from 'cors';
 import { AuthMiddleware } from 'src/middleware/auth.middleware';
 import { CSRFMiddleware } from 'src/middleware/csrf.middleware';
 import { UserMiddleware } from 'src/middleware/user.middleware';
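Review bot: The re-enabled `setLogLevel('debug')` branch in the `OAuth2Service` constructor depends only on `NODE_ENV`, and the hunk does not show what the OAuth2 library writes at debug level. If that output includes authorization codes, tokens or client secrets, any deployment that runs with `NODE_ENV=development` would put them in its logs. Consider gating this on a dedicated opt-in setting read through the configuration service, and add a comment above the branch, for example `// Debug logging may include OAuth2 request details; local development only`. The constructor starts outside the hunk.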
@@ -13,10 +14,11 @@ import { OAuth2Controller } from './oauth2-router.controller';
 imports: [OAuth2Module, UserModule],
 })
 export class OAuth2RouterModule implements NestModule {
+ // private corsOpts = cors({ origin: true, credentials: true });
+
 constructor(private _service: OAuth2Service) {}
 configure(consumer: MiddlewareConsumer) {
- consumer.apply(this._service.oauth.express()).forRoutes('oauth2/*');
 consumer
 .apply(
 CSRFMiddleware,
@@ -25,5 +27,11 @@ export class OAuth2RouterModule implements NestModule {
 ValidateCSRFMiddleware,
 )
 .forRoutes('oauth2/authorize');
+
+ // consumer
+ // .apply(this.corsOpts)
+ // .forRoutes('oauth2/token', 'oauth2/introspect', 'oauth2/user');
+
+ consumer.apply(this._service.oauth.express()).forRoutes(OAuth2Controller);
 }
 }
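Review bot: Moving `this._service.oauth.express()` from `forRoutes('oauth2/*')` at the top of `configure()` (removed in this hunk) to `forRoutes(OAuth2Controller)` at the bottom (added in the next hunk) changes both its order and its reach, and nothing in the change explains either. The CSRF middleware chain for `oauth2/authorize` now runs before the OAuth2 middleware, and as far as I know `forRoutes(OAuth2Controller)` binds only to the paths and methods that controller declares rather than everything under `oauth2/`; please confirm that none of the earlier middleware relies on state the OAuth2 middleware sets up. A one-line comment above the new call, such as `// Registered last so CSRF validation runs first on oauth2/authorize`, would record the intent if that is the reason. The commented-out `corsOpts` lines in both hunks are dead code; if they are a plan for `oauth2/token`, `oauth2/introspect` and `oauth2/user`, do not carry `origin: true, credentials: true` over to those endpoints without an origin allowlist.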